by: Mark Lofthouse, CEO of Mortgage Brain

From May 25th 2018, a new set of rules and responsibilities about how personal data should be used and protected come in to force. General Data Protection Regulation (GDPR) will affect everyone involved in collecting and processing data about individuals in the context of selling goods and services.

But what exactly are the new rules and what do they mean for you and your business?

The world is a very different place from 1995, which is when the last EU Data Protection Directive was brought in.

Thanks to huge advances in technology, personal data is much more accessible and free flowing than it was 20 years ago and these changes are designed to protect those whose data it is.

Although the GDPR won’t replace the Data Protection Act, it is requiring the Act to be changed. And no, any potential Brexit fallout will not stop these new rules from being implemented.

What are the changes?

They broadly cover two areas – much stronger rights for individuals and consumers to be informed about how organisations use their personal data, and the duty of organisations to report any data breaches within 72 hours.

For example, consumers will have the right to request that personal data be deleted or removed and if there’s no compelling reason for an organisation to carry on storing personal information, it must be deleted.

New rights around marketing consent, data portability and seeing what information is being held also come into play.

The requirements on consent have also changed. Rather than an assumption that a consumer who doesn’t say ‘no’ is automatically consenting to have their data used, there will have to be a positive ‘opt in’ in order for the organisation to gain consent.

And if client information and data is used for any purposes that are not consistent with the original aim, further consent needs to be gained. It must also be as easy to remove consent as it is to grant it.

It’s not just new client data either, personal data already collected and stored will be subject to the GDPR rules.

All these things have obvious resonance in the mortgage advice market, where the collection and use of personal and financial data is a massive part of the working day. GDPR, therefore, is not something that can be ignored.

What needs to be done?

First there are two pieces of good news. If mortgage advisers are currently complying with the Data Protection Act then they’re well on the way to complying with the GDPR.

Second, some mortgage tech companies have systems out in the market that will enable advisers to adhere to the required rules of GDPR, so if you use one of them, you’re again, well on the way to complying with the GDPR. If you’re not sure, a quick call to your systems supplier should give you the answer.

However, there are still compliance and procedure processes to sort out. For example, it is an adviser’s responsibility to ensure that how the data is collected (the issue of consent) and how it is used complies with GDPR.

It is also essential to ensure that data is sufficiently protected from hacking or other security breaches by installing strong enough security into your systems. Using anti-virus software is one step many have already taken but using encryption software is the next one needed.

All the above means that advisers may have to change their systems and procedures to comply with the new rules.

It is critical that everyone in the organisation who collects or handles data knows what their responsibilities are under the new rules and that, at least while the new systems are bedding in, sufficient monitoring takes place to ensure there are no breaches.

Why should you comply?

Apart from the fact that from May 2018 complying with GDPR will be a legal requirement and you could be fined the greater of €20million or up to 4% of your annual turnover if you don’t comply, GDPR can actually be good for business.

With more and more organisations falling foul of hackers, and more people’s data ending up in the hands of cold callers and the like, trust around data security is low.

If your customers believe that you are looking after their information and that they have control over how the data is collected and used, and assurances that it won’t fall in to the hands of a less than reputable organisation, they’re more likely to use your services.

In addition, using customer data more effectively means advisers can target the right customers with the right products that are right for them. Marketing should be better focused and bring improved results.

How can technology companies help?

In order to be certain they are GDPR ready, advisers need to talk to their technology suppliers and be reassured that their systems will enable compliance.

The best tech companies should also be able to offer advice on how to use those systems for GDPR. Have a look for some of the industry events and see what’s on the agenda. GDPR is a hot topic and those in the know, know.

Advisers that are not GDPR compliant when the new rules come into place will find themselves seriously hampered when dealing with new and existing clients.

My advice is to pin the responsibility for this on someone in your organisation, if you haven’t already, and make sure all is sorted well in advance of next May.

Mortgage Brain owns AE3Media, the parent company of Mortgage Solutions

You may also be interested in

Our journalists interview key industry entrepreneurs, strategists and commentators for day-to-day market insight and a strategic view of where the industry is heading. We offer lessons for success and explore the opportunities for your business

Here, we share case studies fleshing out best practice to help you decide what could work for your business. Take a look at how others approached complex tasks like launching a new mortgage lender, advising on a new product area or deciding to specialise in another. Learn from others mistakes and triumphs.

Vote in our weekly poll here. It’s your chance to tell us what you think and be heard on the top news stories of the week. Review our archive to find out what your industry really thinks and all our coverage of the results.

Be part of the conversation on Mortgage Solutions. We want to hear from you. We have a tool called Disqus to tell us which stories get the most comments each week. Every Friday, the team picks the most thoughtful or opinionated contributions from our readers to enjoy again. Don’t forget to share your favourite stories from the site on social media to keep the conversation going.

NEWSLETTER SIGN UP

For just two more minutes of your time, you can register for premium access

Specialist lending newsletters

Access to exclusive content

Priority event notifications

Business information tailored specifically to your business needs

Engage in interactive commenting and voting in our weekly polls

Specialist Lending Newsletter

You may also be interested in the Specialist Lending Solutions newsletter. All the latest news, analysis and insight from the mainstream residential lending market. Including industry news, adviser business strategy tips and market commentary.

Email address

First name

Surname

Postcode

LOGIN

please sign-in using your email and password

Success....

Please enter your email address and we will email you a link where you can change your password.

Premium access

Register to gain access to MortgageSolutions.co.uk for the latest news analysis, interactive comment, industry video and features, all at your finger tips. Vote in our polls, get your opinion across on the news and watch out for our weekly editorial round-up features.

Delegate places are free of charge, subject to approval by the organisers based on job criteria

Registered delegates have access to the seminars where applicable. You will be given an identification badge, which must be shown upon request.

Once you have registered and your application has been accepted, then you are expected to attend. If you are subsequently unable to attend, please make sure your notice of cancellation is sent at least three weeks prior to the date of the event.

All cancellations must be received in writing. You will receive confirmation of your cancellation. Suitably qualified replacements may be sent if you are unable to attend; however, the organisers must approve them before the event takes place.

Should you be unable to attend, a substitute delegate is always welcome, subject to confirmation by the organisers and on receipt of the change in writing.

AE3 Media reserves the right to change the programme, speakers, dates or venue at any time, without notice. Should for any reason the venue or speakers change, or the event be cancelled due to an act of terrorism, extreme weather, disease control, industrial action, act of God or any eventuality beyond the control of AE3 Media, we shall endeavour to reschedule; but the client hereby indemnifies AE3 Media and holds AE3 Media harmless from and against any and all costs, damages and expenses, including legal fees, incurred by the client.

AE3 Media will not be liable for damage, loss, injury, accident, annoyance, delay or irregularity, which occurs by reason of any act or default committed by any person or company.

UK law shall apply to any claim against AE3 Media and all proceedings shall be within the exclusive domain of the UK Courts.

The signature of the delegate/visitor or his/her duly authorised agent on the registration form shall signify the delegate/visitor's acceptance of the above conditions and the same shall bind both parties to this contract.